[Members] GDPR & XSF 10 - Minutes

Winfried Tilanus winfried at tilanus.com
Tue May 8 11:53:03 UTC 2018

On 04-05-18 14:59, Travis Burtrum wrote:

Hi Travis,

> MAM is an integral requirement to modern messaging, suggesting it be off
> by default and a manual opt-in is actively harmful to a good user
> experience.  Why can't this just be in the terms of service the user
> agrees to on signup?  Something like 'This server supports MAM which
> stores your messages on the server, your client is able to turn this off' ?

I see your issue.

The issue is: in some settings (like an in-company server) it is
obligatory to turn on, in some settings (like a standard chat) it is
totally logic to turn in on, in some settings (a snapchat like system)
it is not that obvious or even contrary to the user experience. Much of
this depends on who operates the server and what kind of UI/service the
client offers.

The GDPR demands that in such cases the default option should be the
most private one. Still a server operator can override it or the author
of a client can decide to always turn it on, when MAM is an obvious part
of the service offered. I understand that 'do as suits you' would be
much easier here, but I seriously doubt if we can do that in a legal way
under the GDPR. (Am willing to investigate)


privacy consultant e-health

More information about the Members mailing list